Appendix A - Risk ranking of recommendations

Recommendation	Risk Ranking
Recommendation 1 It is recommended that the Director General, Information Technology, Information Management, Administration and Privacy Division in collaboration with the Director General, Service Delivery and Program Management: develop and implement a benefits realization framework and a System Development Life Cycle (SDLC) framework consistent with VAC agile practices and align these frameworks with the existing project management framework, and develop additional guidance on the application of agile in the Department and publish the guidance on the Department’s intranet.	Important
Recommendation 2 It is recommended that the Director General, Information Technology, Information Management, Administration and Privacy Division in collaboration with the Director General, Service Delivery and Program Management: develop a more systematic approach for communication to users and subject matter experts as part of the agile process, strengthen the organization’s change management capacity and methodology, provide greater definition of the product owner role, and develop a digital literacy strategy aligned to the Department’s digital strategy.	Essential
Recommendation 3 It is recommended that the Director General, Information Technology, Information Management, Administration and Privacy Division, coordinate with SSC and develop and implement a plan to enable additional capacity for software development automation to align with the Department’s new agile process.	Important
Recommendation 4 It is recommended that the Director General, Information Technology, Information Management, Administration and Privacy Division, and the Director General of Service Delivery and Program Management: finalize the terms of reference and mandate of the Veterans Systems Priority Committee (VSPC), communicate additional details to program areas on the product roadmap for key systems, update the VSPC prioritization criteria and consult with program area representatives on the committee to ensure the criteria and prioritization process is clear and satisfactory.	Important

Critical:: Relates to one or more significant weaknesses for which no adequate compensating controls exist. The weakness results in a high level of risk.
Essential:: Relates to one or more significant weaknesses for which no adequate compensating controls exist. The weakness results in a moderate level of risk.
Important:: Relates to one or more significant weaknesses for which no adequate compensating controls exist. The weakness results in a low level of risk.

Language selection

WxT Language switcher

WxT Search form

Appendix A - Risk ranking of recommendations

Questions? Call us.

Have feedback for VAC?

VAC Assistance Service

Contact the Veterans Ombudsman